30.04.2002 Detailed

7! Buffer overflow in CDE dtprintinfo   Buffer overflow in HELP subsistem.   CGI bugs updated since 29.04.2002

29.04.2002 Detailed

6! Local buffer overflow in qpop   Buffer overflow in processing ~/.qpopper-options file. 6! GOST 34.10/GOST 34.19 digital signature weakness updated since 08.04.2002   There is a weakness leading to ability to create "universal" signature without having a key. Also, it's possible to spoof content in case more than one key is allowed. It's also possible to deliberately create "weak" signature which will lead to private key compromise.

Unauthorized acces in SAP R/3   It's possible to obtain administrative access to database in default configuration.

26.04.2002 Detailed

6! Buffer overflow in Ethereal   Buffer overflow on SNMP and LADP packets parsing. DoS possibility in multiple protocols parsing.   Buffer overflow in Winamp   Buffer overflow on MP3 ID3v2 tag processing.

25.04.2002 Detailed

6! Heap overflow in sudo   Heap overflow in -p switch processing.   htaccess protection bypass in Apache   It's possible to bypass htaccess protection gor local user wia directory symlink.   Buffer overflow in Kerberos 4 ftp client   Heap overflow on long server reply.

Stack protection bypass in multiple systems   Article describes multiple exploitation techniques for different protection methods.

CGI bugs updated since 15.03.2002

24.04.2002 Detailed

6! Special DOS-device access in Microsoft Outlook Express   It's possible to hang Outlooks Express by using prn: device as a name for bgsound or iframe. It's also possible to send data to special device.   Mosix DoS   Service crashes on malcrafted packet.   LabVIEW Web Server DoS   GET request with \n instead of \r\n causes server to crash.

CGI bugs updated since 22.04.2002

Crossite scripting in PHPNuke/PostNUKE updated since 03.12.2001

23.04.2002 Detailed

7! Format string bugs in INN         Buffer overflow in XPilot         Obtaining user list in PHP safe mode   Unlimited access to getpw allows to reconstruct full users list.

File send interception in AIM   Durig file trasmitio icomig connection is accepted without additioal user or IP validation.

Buffer overflow in slrnpull   Buffer overflow on -d command line option

psyBNS DoS   Sending an oversized password causes program to hang.

22.04.2002 Detailed

9! Buffer overflow in OpenSSH updated since 20.04.2002   GETSTRING macro in radix_to_creds function may cause buffer overflow.   ICQ contact list DoS   Invalid contact packet causes program to hang.   Crossite scripting in OpenKeyServer updated since 04.04.2002

Protected files access in LilHTTP updated since 24.02.2002   By using ./ and ../ it's possible to access any files.

20.04.2002 Detailed

6! Format string bug in Foundstone Fscan   Format string bug during server banner analisys.   CGI bugs updated since 16.04.2002         CGI bugs updated since 25.03.2002

19.04.2002 Detailed

Javascript protection bypass in MHonArc   It's possible to fool protection by inserting one tag into another.   Restricted shell bypass   It's possible to et normall shell access.

18.04.2002 Detailed

7! SQL, PERL, HTML injection in IBM Informix Web DataBlade updated since 12.04.2002   There are multiple ways for SQL query modification and to execute user-supplied perl file. 6! Windows 2000 Directory Service DoS   Flood to TCP/445 (microsoft-ds) port causes server to hang. 6! Format string and buffer overflow bugs in Posadis DNS Server updated since 27.03.2002   Format string bug on logging without syslog facility.

6! Buffer overflow in Talentsoft Web+ updated since 05.03.2002   Buffer overflows in CGI supplied applications, cookie processing.

Buffer overflow in WebTrends Reporting Center

Source code retrival in Sambar updated since 17.04.2002   It's possible to get source code by adding space with NULL symbol to filename.

Unauthorized access to web administration in BackOffice   Any local user (including web Guests) can perform some administration tasks.

Physical path leakage in ColdFusion   Error message on access attempt to DOS device contains physical path.

17.04.2002 Detailed

6! Buffer overflows in Compaq Tru64 Unix   Buffer overflow in libc locale functions and -session switch of dtprintinfo. 6! Unauthorized access via OUTER JOIN in Oravle   It's possible to access tables not granted to access. 6! Directory traversal in AIM direct conect   During direct connect it's possible to send a file with a name containing "../"

6! Buffer overflo in TUX HTTPD and SYN Cookie protection bypass updated since 05.11.2001   Buffer overflow on long HTTP HOST header. By using Syncookie it's possible to bypass packet filtering.

6! Cookie access via res:\\ and about:\\ in Microsoft Internet Explorer updated since 20.10.2001   It's possible to use about:\\ and res:\\ URl to execute javascript in context of any page and local machine.

SQL injection in Demark Pure Secure

Weak permissions in HP drivers for MacOS   Some common files are writable.

Weak file permissions in pipermail   Local user can access any private maillist.

Protection bypass in Norton Personal Firewall   Few widespreaded attacks are not detected.

Protection bypass in snort   By using short packets it's possible to bypass attack signature protection.

Format string bug in AOLServer DB API   Format string bug in Ns_PdLog API call

Buffer overflow in Microsoft Office and Internet Explorer under MacOS updated since 16.04.2002   Buffer overflow on long file:// URL.

16.04.2002 Detailed

FTP bounce attack through Raptor Firewall   It;s possible to make FTP server behind firewall to connect to any IP and TCP port in internal network, since PORT command with internal adress doesn't processed correctly.   Irix XFS DoS   It's possible to create file to cause error in processing application.   Cleartext password access via SNMP in Nortel CVX   It's possible to retrive users list with passwords via default community public.

DoS and forced user addition to ICQ updated since 23.08.2001   ICQ register appllication/x-icq MIME type (.uin) for files. This files allows to add user to contact list without notice. It's also possible to cause DoS against ICQ via .hpf files.

15.04.2002 Detailed

Buffer overflow in webalizer   Buffer overflow in host name resolution during log analizing.   HTML injection via mailto: URL Interenet Explorer   It's possible to inject HTML text into mailto: reference.   CGI bugs updated since 09.04.2002

12.04.2002 Detailed

6! Buffer overflow in libX11 for OpenUnix   Buffer overflow during -xrm command string argument parsing. 6! Privelege escalation via cron in OpenBSD   During mail'ing of job results shell characters are not properly escaped for mail command.

11.04.2002 Detailed

Buffer overflow in Tivoli Storage Manager   Long request to TCP/1581 causes buffer overflow.   IP filtering problems in Watchguard SOHO   IP filtering rules may fail sometimes.

10.04.2002 Detailed

8! Multiple bugs in Microsoft Internet Information Server updated since 10.04.2002   Multiple buffer overflows, crossite scripting, DoS. 6! Open Unix X-Server MIT-SHM module shared memory access   It's possible to gain read/write access to any shared memory segment.

09.04.2002 Detailed

6! Multiple bugs in Office Web Components   Script execution, access to local files and clipboard.   Watchguard SOHO DoS   Invalid IP option flood causes device to crash.   Unauthorized remote control access to Funk Proxy   Weak file permissions, decryptable password and unauthorized access to configuration file allow to obtain administrator's password.

05.04.2002 Detailed

6! Buffer overflow in Windows NT/2000/XP updated since 04.04.2002   Buffer overflow on long request to MUP (Multiple UNC Provider)   Weak permissions in Tarantella temporary files   World-writable temporary file created with name available via prosess list.   Symbolic links in Tarantella Enterprise updated since 19.02.2002   File /tmp/spinning is created during installation process without checking for symbolic links.

04.04.2002 Detailed

6! Directory traversal and format string bug in Cisco Secure ACS   Any html, htm, class, jpg, jpeg or gif files can be remotely accessed. Format string bug can lead to remote server compromise.   Unauthorized access in HP Praesidium Webproxy         *BSD YP authentication privelege escalation

Crossite scripting in jo!

CGI bugs

Directory traversal in Quik-Serv Web Server

Code injection in PHPGroupware updated since 07.12.2000   It's possible to inject PHP code and to modify SQL query.

03.04.2002 Detailed

7! Remote root buffer overflow in Icecast server updated since 03.04.2002   Stack overflow on long GET request. 6! Buffer overflow in Novell Netware 6 Remote Manager   Buffer overflow in HTTPSTK.NLM and SERVER.NLM modules 6! Multiple bugs in FTGate updated since 26.03.2002   Buffer overflows, memory leaks and other DoS, account disclosure, weak passwords encryption, cleartext authentication, etc.

Unauthorized access in popper_mod   There is no limitation for access to administration interface in default configuration.

DoS через специальные устройства в Domino (DOS DoS) updated since 05.02.2002

Partial access to local files via CSS in Internet Explorer   Via .oFile.cssText property of Link object it's possible to get partial content of any file with structure close to CSS.

DCOM information leakage   Some RPC request may contain data from uninitialized memory.

02.04.2002 Detailed

7! Buffer overflow in Oracle 8i TNS Listener updated since 28.06.2001   Buffer overflow in pasing Net8 requests. 6! Buffer overflows in Sambar updated since 16.01.2002   Buffer overflows in long username and in few CGIs.